In this article you will find:

  1. How to create relevant policies in AWS

  2. How to configure the AWS connector

Vulcan supports the following AWS services:

  • AWS EC2

  • AWS Inspector

  • AWS ECR

  • AWS ECS

Each of these services requires its own set of permissions. To connect these services to Vulcan, first create a policy and then attach it to a user.

Note: AWS Inspector requires the additional permissions inspector:ListAssessmentTemplates and inspector:PreviewAgents.

Note: if you are using multiple AWS accounts, please follow the guide on how to define an AWS Cross Account user.

1. How to create relevant policies in AWS

  1. Open the Amazon IAM console and go to Policies

  2. Click on Create Policy

  3. Select the service you wish to create a policy for

  4. Create a policy and specify the actions for each of the following services:

  • EC2 - DescribeInstances, DescribeSecurityGroups

  • Inspector - ListFindings, ListAssessmentRuns, DescribeFindings, DescribeAssessmentRuns

  • Elastic Container Registry - DescribeRepositories, ListImages, DescribeImages, ListTagsForResource

  • Elastic Container Service - ListClusters, DescribeClusters, ListContainerInstances, DescribeContainerInstances
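The following is an added example, not part of this article or of Vulcan's own tooling: it assembles the actions listed above (plus the two extra Inspector permissions from the note at the top) into an IAM policy document you can paste into the JSON tab of the policy editor, and then audits that document to confirm it stays read-only. The service keys, statement Sids and the read-only prefix list are this example's own assumptions.

```python
import json

# Per-service actions from the steps above; the two extra Inspector permissions
# come from the note at the top of this article.
VULCAN_ACTIONS = {
    "ec2": ["ec2:DescribeInstances", "ec2:DescribeSecurityGroups"],
    "inspector": [
        "inspector:ListFindings", "inspector:ListAssessmentRuns",
        "inspector:DescribeFindings", "inspector:DescribeAssessmentRuns",
        "inspector:ListAssessmentTemplates", "inspector:PreviewAgents",
    ],
    "ecr": ["ecr:DescribeRepositories", "ecr:ListImages",
            "ecr:DescribeImages", "ecr:ListTagsForResource"],
    "ecs": ["ecs:ListClusters", "ecs:DescribeClusters",
            "ecs:ListContainerInstances", "ecs:DescribeContainerInstances"],
}

# Action-name prefixes this audit treats as read-only (an assumption of this
# example; anything else is reported as a write action).
READ_ONLY_PREFIXES = ("Describe", "List", "Get", "Preview")


def build_policy(services):
    """Return an IAM policy document granting only the actions the connector needs.

    One statement per service keeps the document easy to review. Describe/List
    calls do not support resource-level permissions, so Resource must be "*".
    """
    statements = []
    for svc in services:
        if svc not in VULCAN_ACTIONS:
            raise ValueError(f"unknown service: {svc}")
        statements.append({
            "Sid": f"Vulcan{svc.upper()}ReadOnly",   # Sid naming is this example's choice
            "Effect": "Allow",
            "Action": sorted(VULCAN_ACTIONS[svc]),
            "Resource": "*",
        })
    return {"Version": "2012-10-17", "Statement": statements}


def audit_policy(policy):
    """List problems in Allow statements: wildcard actions or actions that are not read-only."""
    problems = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            _, _, name = action.partition(":")
            if "*" in action:
                problems.append(f"{stmt.get('Sid', '?')}: wildcard action {action}")
            elif not name.startswith(READ_ONLY_PREFIXES):
                problems.append(f"{stmt.get('Sid', '?')}: non-read action {action}")
    return problems


if __name__ == "__main__":
    policy = build_policy(["ec2", "inspector", "ecr", "ecs"])
    print(json.dumps(policy, indent=2))   # paste into the IAM JSON policy editor
    print("problems:", audit_policy(policy))
```

Run `audit_policy` on any policy you are about to attach to the connector user; an empty list means every granted action is a Describe/List/Get/Preview call and no wildcard slipped in.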

How to create a user in AWS

Create a user in AWS IAM and attach the relevant policy.

  1. Open the Amazon IAM console and go to Users

  2. Click on Add user

  3. Set a user name. It is recommended to give an indicative name (for example 'Vulcan_user')

  4. Set the access type to Programmatic access

  5. Under Set permissions, click Attach existing policies directly

  6. Select the policies you created in advance. Click Next

  7. Set any tags you might want to use. Click Next

  8. Review and click Create user

  9. The Access Key ID and Secret access key are required fields when defining the connector in Vulcan. It is extremely important to keep those credentials

  10. You're all set on the AWS side. Now all that is left is to define the connector in Vulcan.

2. Defining AWS Connector

In the Connectors page, click on Add a Connector.

Click on AWS connector.

Fill in the following fields:

  • Account ID - The AWS account number.

  • API Key - The Access key ID generated when the Vulcan user with the relevant policies was created.

  • Secret Key - The Secret access key generated when the Vulcan user with the relevant policies was created.

  • Regions - Select the regions you want to pull data from.

  • AWS services checkboxes - Check the AWS services you want to pull data from. The API Key and Secret Key you entered must carry the permissions for each selected service (as described in the first section).

Click Create, and that's it! The AWS connector is all set up.

Misc

Inspector Findings Logic

To display Inspector findings in Vulcan, the connector iterates over all of the assessment template ARNs. From each template it pulls the latest run's results and takes the findings from there. Every finding that appeared in the past but does not appear in the most recent scan is automatically moved to the "Fixed" status in Vulcan.

AWS Inspector - Sync logic

  • Days to fetch parameter - Assessment runs are filtered to those completed after the resulting date:

  • inspector.list_assessment_runs(filter={'completionTimeRange': {'beginDate': DAYS-AGO}})

  • Data is fetched only for the scan with the latest 'completedAt' timestamp returned, per assessment template
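The sync logic of the two Inspector sections above, reproduced as an added example that is not Vulcan's own connector code: the "days to fetch" value becomes the beginDate of the completionTimeRange filter, the newest 'completedAt' run is kept per assessment template, and findings that were open before but are absent from that latest run are moved to Fixed. It runs offline on constructed sample data (the run and template ARNs, finding IDs and timestamps are made up, standing in for the list_assessment_runs / list_findings responses). One design choice here is an assumption, not something the article states: a template with no run inside the window is left untouched rather than having its findings auto-closed, since nothing rescanned it.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data in the shape of Inspector assessment-run records
# (ARNs, finding IDs and dates are made up; no AWS account is involved).
ASSESSMENT_RUNS = [
    {"arn": "run-A1", "assessmentTemplateArn": "tpl-A",
     "completedAt": datetime(2024, 5, 3, tzinfo=timezone.utc)},
    {"arn": "run-A2", "assessmentTemplateArn": "tpl-A",
     "completedAt": datetime(2024, 5, 8, tzinfo=timezone.utc)},
    {"arn": "run-B1", "assessmentTemplateArn": "tpl-B",
     "completedAt": datetime(2024, 4, 20, tzinfo=timezone.utc)},
]
# Constructed finding IDs per run (what list_findings would return for that run).
FINDINGS_BY_RUN = {
    "run-A1": {"F1", "F2"},
    "run-A2": {"F2", "F3"},
    "run-B1": {"F9"},
}
# Findings currently open in Vulcan, keyed by the template that produced them.
PREVIOUS_OPEN = {"tpl-A": {"F1", "F2"}, "tpl-B": {"F9"}}
# Fixed "now" so the window computation is reproducible.
NOW = datetime(2024, 5, 10, tzinfo=timezone.utc)


def begin_date(days_to_fetch, now):
    """'Days to fetch' becomes the beginDate of the completionTimeRange filter."""
    return now - timedelta(days=days_to_fetch)


def latest_run_per_template(runs, begin):
    """Drop runs completed before begin, then keep the newest completedAt per template."""
    latest = {}
    for run in runs:
        if run["completedAt"] < begin:
            continue
        tpl = run["assessmentTemplateArn"]
        if tpl not in latest or run["completedAt"] > latest[tpl]["completedAt"]:
            latest[tpl] = run
    return latest


def sync_findings(runs, findings_by_run, previous_open, days_to_fetch, now):
    """Return (open, fixed), both keyed by template, after applying the latest-run rule.

    A finding moves to Fixed only when its template has a run inside the window
    and the finding is absent from that latest run. Templates with no recent run
    are left as they were (assumption of this example: do not auto-close
    findings that were not rescanned).
    """
    latest = latest_run_per_template(runs, begin_date(days_to_fetch, now))
    open_now = {tpl: set(ids) for tpl, ids in previous_open.items()}
    fixed = {}
    for tpl, run in latest.items():
        current = set(findings_by_run.get(run["arn"], ()))
        fixed[tpl] = open_now.get(tpl, set()) - current
        open_now[tpl] = current
    return open_now, fixed


if __name__ == "__main__":
    opened, fixed = sync_findings(ASSESSMENT_RUNS, FINDINGS_BY_RUN, PREVIOUS_OPEN, 7, NOW)
    print("open:", opened)    # tpl-A taken from run-A2 only; tpl-B unchanged (no run in window)
    print("fixed:", fixed)    # F1 was in run-A1 but not in run-A2
```

With a 7-day window only run-A2 qualifies for tpl-A, so F1 is marked Fixed while F9 stays open because tpl-B was not rescanned; widening the window to 30 days brings run-B1 in and F9 is then re-evaluated against it.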
